ALT-BU-2023-2770-1
Branch sisyphus_e2k update bulletin.
Package sqlite3 updated to version 3.41.0-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2023-11-07
CVE-2023-36191
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Package python3-module-keyring updated to version 23.14.0-alt1 for branch sisyphus_e2k.
Closed bugs
Please update to 23.14.0
Package sudo updated to version 1.9.13p2-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
BDU:2023-01183
Уязвимость функции set_cmnd_path() программы системного администрирования Sudo, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2025-03-22
CVE-2023-27320
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
- [oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules
- [oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules
- FEDORA-2023-cb5df36beb
- FEDORA-2023-cb5df36beb
- FEDORA-2023-d2d6ec2a32
- FEDORA-2023-d2d6ec2a32
- FEDORA-2023-11c9d868ca
- FEDORA-2023-11c9d868ca
- GLSA-202309-12
- GLSA-202309-12
- https://security.netapp.com/advisory/ntap-20230413-0009/
- https://security.netapp.com/advisory/ntap-20230413-0009/
- https://www.openwall.com/lists/oss-security/2023/02/28/1
- https://www.openwall.com/lists/oss-security/2023/02/28/1
- https://www.sudo.ws/releases/stable/#1.9.13p2
- https://www.sudo.ws/releases/stable/#1.9.13p2
Modified: 2024-11-21
CVE-2023-28486
Sudo before 1.9.13 does not escape control characters in log messages.
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- [debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update
- GLSA-202309-12
- https://security.netapp.com/advisory/ntap-20230420-0002/
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://security.netapp.com/advisory/ntap-20230420-0002/
- GLSA-202309-12
- [debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
Modified: 2024-11-21
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- [debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update
- GLSA-202309-12
- https://security.netapp.com/advisory/ntap-20230420-0002/
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://security.netapp.com/advisory/ntap-20230420-0002/
- GLSA-202309-12
- [debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
Package mate-menu updated to version 22.04.2-alt4 for branch sisyphus_e2k.
Closed bugs
Не открывается меню настроек mate-menu
Package python3-module-avro updated to version 1.11.1-alt1 for branch sisyphus_e2k.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2021-43045
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.
- [oss-security] 20220106 CVE-2021-43045: Apache Avro: Possible DOS vulnerabilities in C# Avro SDK
- [oss-security] 20220106 CVE-2021-43045: Apache Avro: Possible DOS vulnerabilities in C# Avro SDK
- https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd
- https://lists.apache.org/thread/5fttw9vk6gd2p3b846nox7hcj5469xfd